Insights¶
Cybersecurity Risk Measurement Justification¶
- Selected Measurement: Ratio
- Justifications: Ratio provides a normalized measure of cybersecurity risk. By calculating the ratio of relevant sentences to total sentences, variations in the overall length of the Item 1A section across different filings are considered. This allows for more meaningful comparisons between companies and across time periods.
Mean & Std.Dev Cyber Risk Observations¶
- All Industries have a positive skewness of around 3, indicating that there are a few companies with really high cybersecurity risk compared with other companies in each industries. This suggests that extreme cases of cybersecurity exposure exist, possibly due to inadequate security measures or higher-profile attacks on certain firms.
- All Industries have kurtosis greater than 3, indicating a distribution with heavier tails and a sharper peak than the normal distribution, which shows that though lots data points are centered together, there are also plenty of data points located else where, creating heavy tails.
- The means for cyberrisk ratio increase dramatically for all industries after 2010. This could indicate a growing awareness and recognition of cybersecurity risks within organizations, likely influenced by high-profile cyber incidents and regulatory changes that prompted firms to assess and report their cybersecurity vulnerabilities more accurately. The rise in average risk may also reflect the increasing sophistication of cyber-threats targeting various industries.
- The standard deivations for cyberrisk ratio also has a obvious increasing pattern for most industries from 1996 to 2023, except for Agriculture, which has a decreasing pattern in standard deviation after 2012, and Public, which decrease dramatically at 2020. This suggests that the disparity in cybersecurity risk among companies is widening, with some firms becoming significantly more exposed to risks than others. The increase in variability indicates that while some companies have strengthened their defenses, others may be lagging behind, leading to greater overall differences in risk profiles.
- The Agriculture industry stands out with a decreasing pattern in standard deviation after 2012, which could imply that firms in this industry are experiencing more uniform levels of cybersecurity risk over time. This might be due to a lack of significant cybersecurity events or initiatives to improve security measures across the industry.
- The Public Administration industry's dramatic decrease in standard deviation at 2020 might be due to regulatory changes, standardized security practices, or increased focus on cybersecurity within the public sector, making risk levels more uniform across firms. However, it could also be attribute to random sampling.
Portfolio Analysis¶
- Equal Weighted Portfolio with High Cybersecurity Risk Portfolio Return
- 16.3%
- After 2005: 20.9%
- Equal Weighted Portfolio with Low Cybersecurity Risk Portfolio Return
- 12.5%
- After 2005: 17.1%
- Value Weighted Portfolio with High Cybersecurity Risk Portfolio Return
- 26.7%
- After 2005: 40.7%
- Value Weighted Portfolio with Low Cybersecurity Risk Portfolio Return
- 17.6%
- After 2005: 30%
- The return for high cyberrisk portfolio is higher than the return for low cyberrisk portfolio, such differnence is mainly due to the overall better performance of high cybersecurity risk portfolio after 2005. Moreover, difference in distribution between these two portfolios are mainly shown before 2005, which might due to lack of data points, where most listed companies had cyberrisk as 0, and lack of awareness of cybersecurity issue leading to lack of effective data points. Starting from 2006, these two profiles seems to have similar shape portfolio returns, with a consistent slightly higher return in portfolio with higher cybersecurity risk. This observation is consistent with both equal weighted portfolio and value weighted portfolio.
- This suggests that firms with greater exposure to cybersecurity risks were delivering better returns during this period, potentially due to the market not yet fully recognizing the risks associated with cybersecurity or firms benefiting from rapid technological adoption, despite their vulnerabilities, which is a consistent result with the paper provided.
- Earlier in the data period, there was less awareness of cybersecurity issues, leading to less emphasis on risk management in corporate strategies. The lack of robust data during this period may have influenced the performance metrics of the portfolios.
- Similer return pattern in return for stocks with different cyber risk could suggest that investors have begun to factor cybersecurity risk into their valuations or that companies have implemented better risk management practices, reducing the performance gap.
- Only measuring portfolio return after 2005, there is a increase in all portfolios, but the gap between portfolio with higher cyberrisk and portfolio with lower cyberrisk remains the same, showing that cyberrisk can still distinguished portfolio with potential higher return even awareness toward cyberrisk increase.
- The return for value weighted portfolio is higher than the return for equal weighted portfolio.
- This suggests that larger companies may have advantages in navigating cybersecurity risks, which ultimately impacts their stock performance.
- Equal Weighted Portfolio with High Cybersecurity Risk Portfolio Return
Constructing Measure of Cybersecurity Risk¶
- If filing date is before July, then we consider the risk measurement could be applied for current year; else, it will be applied to the future year
Mean & Std.Dev Analysis¶
-------------------------------------------------- This is the Statistics of ratio of cyber for industry Agriculture count 138.000000 mean 0.006513 std 0.010808 min 0.000000 max 0.044444 skew 2.076317 kurtosis 4.034872 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.000000 75% 0.007850 95% 0.031498 99% 0.044444 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Mining count 188.000000 mean 0.004992 std 0.008027 min 0.000000 max 0.053763 skew 2.313061 kurtosis 7.913731 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.000000 75% 0.008478 95% 0.019998 99% 0.031838 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Construction count 178.000000 mean 0.005413 std 0.008362 min 0.000000 max 0.041958 skew 1.951254 kurtosis 3.862335 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.000000 75% 0.007477 95% 0.021756 99% 0.032455 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Manufacturing count 278.000000 mean 0.004684 std 0.011015 min 0.000000 max 0.117117 skew 5.203366 kurtosis 42.011789 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.000000 75% 0.004838 95% 0.024090 99% 0.038625 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Transportation count 198.000000 mean 0.007402 std 0.009832 min 0.000000 max 0.054237 skew 1.530520 kurtosis 2.490333 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.003046 75% 0.013223 95% 0.026929 99% 0.034937 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Wholesale count 195.000000 mean 0.008441 std 0.013974 min 0.000000 max 0.097345 skew 2.939837 kurtosis 11.726853 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.002364 75% 0.012048 95% 0.034335 99% 0.057746 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Retail count 213.000000 mean 0.006936 std 0.008952 min 0.000000 max 0.051095 skew 1.647674 kurtosis 3.223421 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.004237 75% 0.011070 95% 0.024997 99% 0.033175 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Finance count 201.000000 mean 0.009461 std 0.012723 min 0.000000 max 0.069686 skew 1.502620 kurtosis 2.275229 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.003289 75% 0.016194 95% 0.034591 99% 0.041667 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Service count 239.000000 mean 0.007462 std 0.011234 min 0.000000 max 0.056872 skew 2.118013 kurtosis 4.868462 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.002469 75% 0.012511 95% 0.032492 99% 0.049574 Name: ratio_cyber, dtype: float64 -------------------------------------------------- This is the Statistics of ratio of cyber for industry Public count 160.000000 mean 0.005635 std 0.008702 min 0.000000 max 0.067901 skew 3.457380 kurtosis 17.819636 1% 0.000000 5% 0.000000 25% 0.000000 50% 0.002845 75% 0.007481 95% 0.021175 99% 0.037676 Name: ratio_cyber, dtype: float64
Portfolio Analysis¶
Average return rate for high cyber risk equal portfolio constructed by cyber_risk is 0.16306294392775447 Average return rate for low cyber risk equal portfolio constructed by cyber_risk is 0.1252428433950231 Average return rate for high cyber risk equal portfolio constructed by cyber_risk After 2005 is 0.20886918258492135 Average return rate for low cyber risk equal portfolio constructed by cyber_risk After 2005 is 0.17088637611340227
Average return rate for high cyber risk weighted portfolio constructed is 0.26665931942305626 Average return rate for low cyber risk weighted portfolio constructed is 0.17644355970107567 Average return rate for high cyber risk equal portfolio constructed by cyber_risk After 2005 is 0.4065063497629581 Average return rate for low cyber risk equal portfolio constructed by cyber_risk After 2005 is 0.300063665749655